Re: [Idr] TCP & BGP: Some don't send terminate BGP when holdtimer expired, because TCP recv window is 0

Enke Chen <enchen@paloaltonetworks.com> Thu, 17 December 2020 02:40 UTC

Hi, Folks:

Regarding the patch for OpenBGPD pointed out by Job, I do not think it
would work. When the TCP rcv window from the remote is 0, the BGP keepalive
can still be queued to the socket buffer. It can take a long time for the
socket buffer to be filled up by BGP keepalives.

It seems that the TCP_USER_TIMEOUT option can be used for the persistent
zero-size window issue.  The timeout value could be multiples of the
holdtimer (with min and max adjustments), perhaps somewhere around 5 or 6
minutes.

Thanks.   -- Enke

----------

Job Snijders <job@sobornost.net> Tue, 15 December 2020 21:54 UTC

[snip]
How to solve this? Claudio Jeker took a look at what it would take in
OpenBGPD and came up with the (tiny!) following patch, should be
readable to most: https://marc.info/?l=openbsd-tech&m=160796802508185&w=2
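
An added example, not part of the original message and not code from OpenBGPD or any other implementation: one way to derive a TCP_USER_TIMEOUT value from the negotiated hold time, as the message above suggests, and apply it to the session socket on Linux. The multiplier, the floor and ceiling, and the function names are assumptions chosen for illustration.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed policy values, not taken from the thread or any implementation. */
#define UT_MULTIPLIER 4u    /* timeout = 4 x negotiated hold time */
#define UT_MIN_MS  60000u   /* floor: 1 minute */
#define UT_MAX_MS 360000u   /* ceiling: 6 minutes */

/* Map a negotiated BGP hold time (seconds) to a TCP_USER_TIMEOUT in ms.
 * Hold time 0 means the hold timer is disabled (RFC 4271), so return 0,
 * which leaves the kernel's default behaviour in place. */
unsigned int bgp_user_timeout_ms(unsigned int hold_time_s)
{
    unsigned long long ms;

    if (hold_time_s == 0)
        return 0;
    ms = (unsigned long long)hold_time_s * UT_MULTIPLIER * 1000u;
    if (ms < UT_MIN_MS) ms = UT_MIN_MS;
    if (ms > UT_MAX_MS) ms = UT_MAX_MS;
    return (unsigned int)ms;
}

/* Apply the timeout to a session socket and read it back. On Linux the
 * option bounds how long sent data may stay unacknowledged, or buffered
 * data may stay unsent because of a zero window, before the kernel drops
 * the connection and the application sees ETIMEDOUT.
 * Returns the value the kernel stored (ms), or -1 on error. */
int bgp_apply_user_timeout(int fd, unsigned int hold_time_s)
{
    unsigned int want = bgp_user_timeout_ms(hold_time_s), got = 0;
    socklen_t len = sizeof(got);

    if (setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &want, sizeof(want)) < 0)
        return -1;
    if (getsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &got, &len) < 0)
        return -1;
    return (int)got;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    printf("hold 90s -> %d ms\n", bgp_apply_user_timeout(fd, 90));
    close(fd);
    return 0;
}
```

The hold time is only known after the OPEN exchange, so the call belongs after negotiation completes and again whenever a session is re-established.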